[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 27 08:12:53 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
39c9bcde by security tracker role at 2025-10-27T08:12:46+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,299 @@
+CVE-2025-62988 (Server-Side Request Forgery (SSRF) vulnerability in Codeless Slider Te ...)
+ TODO: check
+CVE-2025-62987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62986 (Cross-Site Request Forgery (CSRF) vulnerability in FanBridge FanBridge ...)
+ TODO: check
+CVE-2025-62985 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62984 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62983 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62982 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62981 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+ TODO: check
+CVE-2025-62980 (Missing Authorization vulnerability in MDZ Persian Admnin Fonts persia ...)
+ TODO: check
+CVE-2025-62979 (Insertion of Sensitive Information Into Sent Data vulnerability in air ...)
+ TODO: check
+CVE-2025-62978 (Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotviet ...)
+ TODO: check
+CVE-2025-62977 (Missing Authorization vulnerability in \u6c83\u4e4b\u6d9b \u767e\u5ea6 ...)
+ TODO: check
+CVE-2025-62976 (Missing Authorization vulnerability in Joovii Sendle Shipping official ...)
+ TODO: check
+CVE-2025-62975 (Cross-Site Request Forgery (CSRF) vulnerability in raychat Raychat ray ...)
+ TODO: check
+CVE-2025-62974 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62973 (Missing Authorization vulnerability in Themekraft BuddyForms buddyform ...)
+ TODO: check
+CVE-2025-62972 (Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp ...)
+ TODO: check
+CVE-2025-62971 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62970 (Missing Authorization vulnerability in Spencer Haws Link Whisper Free ...)
+ TODO: check
+CVE-2025-62969 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62968 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62967 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62966 (Missing Authorization vulnerability in Apiki GoCache gocache-cdn allow ...)
+ TODO: check
+CVE-2025-62965 (Missing Authorization vulnerability in wpseek Admin Management Xtended ...)
+ TODO: check
+CVE-2025-62964 (Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-fi ...)
+ TODO: check
+CVE-2025-62963 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62962 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Clo ...)
+ TODO: check
+CVE-2025-62959 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-62958 (Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Sim ...)
+ TODO: check
+CVE-2025-62957 (Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP Woo ...)
+ TODO: check
+CVE-2025-62956 (Cross-Site Request Forgery (CSRF) vulnerability in iseremet Reloadly r ...)
+ TODO: check
+CVE-2025-62954 (Missing Authorization vulnerability in Codeinwp Revive Old Posts tweet ...)
+ TODO: check
+CVE-2025-62953 (Missing Authorization vulnerability in nanbu Welcart e-Commerce usc-e- ...)
+ TODO: check
+CVE-2025-62952 (Missing Authorization vulnerability in QuantumCloud ChatBot chatbot al ...)
+ TODO: check
+CVE-2025-62951 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62949 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62948 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62947 (Insertion of Sensitive Information Into Sent Data vulnerability in pub ...)
+ TODO: check
+CVE-2025-62946 (Missing Authorization vulnerability in everestthemes Everest Backup ev ...)
+ TODO: check
+CVE-2025-62945 (Cross-Site Request Forgery (CSRF) vulnerability in Eduard Pinuaga Lina ...)
+ TODO: check
+CVE-2025-62944 (Missing Authorization vulnerability in Mark O'Donnell MSTW CSV EXPORTE ...)
+ TODO: check
+CVE-2025-62943 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62942 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62941 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62940 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62939 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62938 (Missing Authorization vulnerability in Reoon Technology Reoon Email Ve ...)
+ TODO: check
+CVE-2025-62937 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62936 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2025-62935 (Missing Authorization vulnerability in ilmosys Open Close WooCommerce ...)
+ TODO: check
+CVE-2025-62934 (Cross-Site Request Forgery (CSRF) vulnerability in Mejar WP Business H ...)
+ TODO: check
+CVE-2025-62933 (Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Tes ...)
+ TODO: check
+CVE-2025-62932 (Missing Authorization vulnerability in wprio Table Block by RioVizual ...)
+ TODO: check
+CVE-2025-62931 (Missing Authorization vulnerability in microsoftstart MSN Partner Hub ...)
+ TODO: check
+CVE-2025-62930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62929 (Missing Authorization vulnerability in PickPlugins Testimonial Slider ...)
+ TODO: check
+CVE-2025-62928 (Missing Authorization vulnerability in Joby Joseph SEO Meta Descriptio ...)
+ TODO: check
+CVE-2025-62927 (Missing Authorization vulnerability in Nelio Software Nelio Content ne ...)
+ TODO: check
+CVE-2025-62925 (Missing Authorization vulnerability in Conversios Conversios.io enhanc ...)
+ TODO: check
+CVE-2025-62924 (Missing Authorization vulnerability in PickPlugins Post Grid and Guten ...)
+ TODO: check
+CVE-2025-62923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62922 (Missing Authorization vulnerability in Shambhu Patnaik Export Categori ...)
+ TODO: check
+CVE-2025-62921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62919 (Missing Authorization vulnerability in themeshopy TS Demo Importer ts- ...)
+ TODO: check
+CVE-2025-62918 (Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitio ...)
+ TODO: check
+CVE-2025-62917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62916 (Missing Authorization vulnerability in adivaha\xae Flights & Hotel ...)
+ TODO: check
+CVE-2025-62915 (Missing Authorization vulnerability in clicksend SMS Contact Form 7 No ...)
+ TODO: check
+CVE-2025-62913 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62912 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62911 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62910 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62909 (Missing Authorization vulnerability in mrityunjay Smart WeTransfer sma ...)
+ TODO: check
+CVE-2025-62908 (Missing Authorization vulnerability in gerritvanaaken Podlove Web Play ...)
+ TODO: check
+CVE-2025-62907 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62906 (Missing Authorization vulnerability in epiphanyit321 Referral Link Tra ...)
+ TODO: check
+CVE-2025-62905 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62904 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62903 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62902 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-62900 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62899 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62898 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62897 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2025-62896 (Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multi ...)
+ TODO: check
+CVE-2025-62895 (Insertion of Sensitive Information Into Sent Data vulnerability in Vit ...)
+ TODO: check
+CVE-2025-62894 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62893 (Authorization Bypass Through User-Controlled Key vulnerability in medi ...)
+ TODO: check
+CVE-2025-62892 (Missing Authorization vulnerability in sunshinephotocart Sunshine Phot ...)
+ TODO: check
+CVE-2025-62891 (Cross-Site Request Forgery (CSRF) vulnerability in Jory Hogeveen Off-C ...)
+ TODO: check
+CVE-2025-62890 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce ...)
+ TODO: check
+CVE-2025-62889 (Missing Authorization vulnerability in KingAddons.com King Addons for ...)
+ TODO: check
+CVE-2025-62887 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62886 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Pricing Ta ...)
+ TODO: check
+CVE-2025-62885 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62884 (Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon ...)
+ TODO: check
+CVE-2025-62883 (Missing Authorization vulnerability in Premmerce Premmerce User Roles ...)
+ TODO: check
+CVE-2025-62882 (Missing Authorization vulnerability in Craig Hewitt Seriously Simple P ...)
+ TODO: check
+CVE-2025-62881 (Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay ...)
+ TODO: check
+CVE-2025-58918 (Cross-Site Request Forgery (CSRF) vulnerability in Waituk Entrada them ...)
+ TODO: check
+CVE-2025-48088 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-12246 (A security flaw has been discovered in chatwoot up to 4.7.0. This issu ...)
+ TODO: check
+CVE-2025-12245 (A vulnerability was identified in chatwoot up to 4.7.0. This vulnerabi ...)
+ TODO: check
+CVE-2025-12244 (A vulnerability was determined in code-projects Simple E-Banking Syste ...)
+ TODO: check
+CVE-2025-12243 (A vulnerability was found in code-projects Client Details System 1.0. ...)
+ TODO: check
+CVE-2025-12242 (A vulnerability has been found in CodeAstro Gym Management System 1.0. ...)
+ TODO: check
+CVE-2025-12241 (A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024 ...)
+ TODO: check
+CVE-2025-12240 (A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu ...)
+ TODO: check
+CVE-2025-12239 (A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B202210 ...)
+ TODO: check
+CVE-2025-12238 (A security flaw has been discovered in code-projects Automated Voting ...)
+ TODO: check
+CVE-2025-12237 (A vulnerability was identified in projectworlds Advanced Library Manag ...)
+ TODO: check
+CVE-2025-12236 (A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affec ...)
+ TODO: check
+CVE-2025-12235 (A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability af ...)
+ TODO: check
+CVE-2025-12234 (A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the ...)
+ TODO: check
+CVE-2025-12233 (A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is ...)
+ TODO: check
+CVE-2025-12232 (A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this v ...)
+ TODO: check
+CVE-2025-12231 (A security vulnerability has been detected in projectworlds Expense Ma ...)
+ TODO: check
+CVE-2025-12230 (A weakness has been identified in projectworlds Expense Management Sys ...)
+ TODO: check
+CVE-2025-12229 (A security flaw has been discovered in projectworlds Expense Managemen ...)
+ TODO: check
+CVE-2025-12228 (A vulnerability was identified in projectworlds Expense Management Sys ...)
+ TODO: check
+CVE-2025-12227 (A vulnerability was determined in projectworlds Gate Pass Management S ...)
+ TODO: check
+CVE-2025-12226 (A vulnerability was found in SourceCodester Best House Rental Manageme ...)
+ TODO: check
+CVE-2025-12225 (A vulnerability has been found in Tenda AC6 15.03.06.50. This issue af ...)
+ TODO: check
+CVE-2025-12224 (A flaw has been found in Iqbolshoh php-business-website up to 10677743 ...)
+ TODO: check
+CVE-2025-12223 (A vulnerability was detected in Bdtask Flight Booking Software up to 3 ...)
+ TODO: check
+CVE-2025-12222 (A security vulnerability has been detected in Bdtask Flight Booking So ...)
+ TODO: check
+CVE-2025-12215 (A flaw has been found in projectworlds Online Shopping System 1.0. Imp ...)
+ TODO: check
+CVE-2025-12214 (A vulnerability was detected in Tenda O3 1.0.0.10(2478). This issue af ...)
+ TODO: check
+CVE-2025-12213 (A security vulnerability has been detected in Tenda O3 1.0.0.10(2478). ...)
+ TODO: check
+CVE-2025-12212 (A weakness has been identified in Tenda O3 1.0.0.10(2478). This affect ...)
+ TODO: check
+CVE-2025-12211 (A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affect ...)
+ TODO: check
+CVE-2025-12210 (A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by ...)
+ TODO: check
+CVE-2025-12209 (A vulnerability was determined in Tenda O3 1.0.0.10(2478). Affected is ...)
+ TODO: check
+CVE-2025-12208 (A vulnerability was found in SourceCodester Best House Rental Manageme ...)
+ TODO: check
+CVE-2025-12207 (A vulnerability has been found in Kamailio 5.5. This affects the funct ...)
+ TODO: check
+CVE-2025-12206 (A flaw has been found in Kamailio 5.5. The impacted element is the fun ...)
+ TODO: check
+CVE-2025-12205 (A vulnerability was detected in Kamailio 5.5. The affected element is ...)
+ TODO: check
+CVE-2025-12204 (A security vulnerability has been detected in Kamailio 5.5. Impacted i ...)
+ TODO: check
+CVE-2025-12203 (A weakness has been identified in givanz Vvveb up to 1.0.7.3. This iss ...)
+ TODO: check
+CVE-2025-12202 (A security flaw has been discovered in ajayrandhawa User-Management-PH ...)
+ TODO: check
+CVE-2025-12201 (A vulnerability was identified in ajayrandhawa User-Management-PHP-MYS ...)
+ TODO: check
+CVE-2025-12200 (A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by t ...)
+ TODO: check
+CVE-2025-12199 (A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this v ...)
+ TODO: check
+CVE-2025-12198 (A vulnerability has been found in dnsmasq up to 2.73rc6. Affected is t ...)
+ TODO: check
+CVE-2025-12055 (HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauth ...)
+ TODO: check
+CVE-2025-11682 (Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard o ...)
+ TODO: check
+CVE-2025-11154 (The IDonate WordPress plugin before 2.1.13 does not have authorisatio ...)
+ TODO: check
CVE-2025-12285 (Missing Initial Password Change.This issue affects BLU-IC2: through 1. ...)
NOT-FOR-US: Azure Access Technology
CVE-2025-12284 (Lack of Input Validation in the web UI might lead to potential exploit ...)
@@ -589,17 +885,17 @@ CVE-2025-10355 (Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This v
NOT-FOR-US: MOLGENIS EMX2
CVE-2024-14011
REJECTED
-CVE-2025-11989
+CVE-2025-11989 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2025-6601
+CVE-2025-6601 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2025-11971
+CVE-2025-11971 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- gitlab <unfixed>
-CVE-2025-11974
+CVE-2025-11974 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2025-11447
+CVE-2025-11447 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2025-10497
+CVE-2025-10497 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
CVE-2025-11702
- gitlab <not-affected> (Specific to EE)
@@ -3926,7 +4222,7 @@ CVE-2025-11721 (Memory safety bug present in Firefox 143 and Thunderbird 143. Th
- firefox 144.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11721
CVE-2025-11715 (Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3 ...)
- {DSA-6040-1 DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4351-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3934,7 +4230,7 @@ CVE-2025-11715 (Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11715
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11715
CVE-2025-11714 (Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, T ...)
- {DSA-6040-1 DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4351-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3958,7 +4254,7 @@ CVE-2025-11718 (When the address bar was hidden due to scrolling on Android, a m
- firefox 144.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11718
CVE-2025-11712 (A malicious page could have used the type attribute of an OBJECT tag t ...)
- {DSA-6040-1 DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4351-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3972,7 +4268,7 @@ CVE-2025-11716 (Links in a sandboxed iframe could open an external app on Androi
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11716
CVE-2025-11711 (There was a way to change the value of JavaScript Object properties th ...)
- {DSA-6040-1 DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4351-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3980,7 +4276,7 @@ CVE-2025-11711 (There was a way to change the value of JavaScript Object propert
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11711
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11711
CVE-2025-11710 (A compromised web process using malicious IPC messages could have caus ...)
- {DSA-6040-1 DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4351-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3988,7 +4284,7 @@ CVE-2025-11710 (A compromised web process using malicious IPC messages could hav
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11710
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11710
CVE-2025-11709 (A compromised web process was able to trigger out of bounds reads and ...)
- {DSA-6040-1 DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4351-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3996,7 +4292,7 @@ CVE-2025-11709 (A compromised web process was able to trigger out of bounds read
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11709
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11709
CVE-2025-11708 (Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerabilit ...)
- {DSA-6040-1 DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4351-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39c9bcde0d9933630bb137de45232cc730f4483a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39c9bcde0d9933630bb137de45232cc730f4483a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251027/404ca81d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list